Cross-Site Vulnerabilities

A common JavaScript-related security problem is cross-site scripting, or XSS, a violation of the same-origin policy. XSS vulnerabilities occur when an attacker is able to cause a trusted website, such as an online banking website, to include a malicious script in the webpage presented to a victim. The script in this example can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization.
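The injection described above comes down to untrusted text being written into a page as markup. The following is an added example, not code from the original page: a minimal comment renderer shown in its vulnerable form beside an escaped form, plus a check suitable for a unit test that flags when untrusted input reaches the output verbatim. The function names, the sample author and comment text are all constructed for the illustration; it runs under Node.js without a browser.

```javascript
// Added example (not from the original page): the XSS pattern described
// above, shown as an unsafe template beside its escaped counterpart.

// The five characters that can break out of an HTML text or
// double-quoted attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape untrusted text so the browser treats it as data, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: untrusted values are concatenated straight into markup, so
// a comment containing a <script> tag is rendered as executable code on
// the trusted site's origin, and a quote in the author name can close the
// attribute and start a new one.
function renderCommentUnsafe(author, text) {
  return `<div class="comment" data-author="${author}">${text}</div>`;
}

// HARDENED: every untrusted value is escaped before it lands in the
// template. escapeHtml covers both the double-quoted attribute and the
// element body; a URL or a JavaScript context would need its own encoder.
// In browser code the equivalent is assigning textContent instead of innerHTML.
function renderCommentSafe(author, text) {
  return `<div class="comment" data-author="${escapeHtml(author)}">${escapeHtml(text)}</div>`;
}

// Test-time check: an untrusted value that contains HTML metacharacters
// must never appear verbatim in rendered output.
function leaksRawInput(html, input) {
  return /[&<>"']/.test(input) && html.includes(input);
}

// Constructed sample input of the kind a stored-XSS regression test uses.
const SAMPLE_AUTHOR = 'mallory" onmouseover="alert(1)';
const SAMPLE_TEXT = 'Nice post <script>alert(document.cookie)</script>';

const unsafeHtml = renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_TEXT);
const safeHtml = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_TEXT);

console.log('unsafe leaks raw input:', leaksRawInput(unsafeHtml, SAMPLE_TEXT)); // true
console.log('safe leaks raw input:  ', leaksRawInput(safeHtml, SAMPLE_TEXT));   // false
console.log(safeHtml);
```

The escaped output still carries the attacker's text, now as inert character references, which is the desired result: the comment is displayed, not executed. Escaping must be chosen per output context; the same function would not be enough for a value placed inside a `href` or an inline script.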

XSS vulnerabilities can also occur because of implementation mistakes by browser authors.

XSS is related to cross-site request forgery or XSRF. In XSRF one website causes a victim's browser to generate fraudulent requests to another site with the victim's legitimate HTTP cookies attached to the request.
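Because the browser attaches the victim's cookies automatically, the defence against XSRF is to require something the forging site cannot supply. The following is an added example, not code from the original page: a server-side decision function that accepts a state-changing request only when its Origin header (if present) matches the site and a per-session token from the form matches the session, alongside the cookie attributes that limit cross-site sending. The site origin, the request and session objects and the token values are constructed for the illustration, standing in for whatever a real framework provides; it runs under Node.js with no dependencies.

```javascript
// Added example (not from the original page): a server-side check for
// the cross-site request forgery pattern described above.

const SITE_ORIGIN = 'https://bank.example'; // assumed origin of the trusted site

// Constant-time comparison so response timing does not reveal how many
// leading characters of a guessed token were right. Real code would use
// crypto.timingSafeEqual on Buffers; this spells out the same idea.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decide whether a request may change state. Returns the decision with a
// reason so callers and tests can see why.
//   req.method, req.headers (lowercase keys), req.body
//   session.csrfToken: the per-session token the server put in its own forms
function checkCsrf(req, session) {
  // Safe methods are not protected here; the application must keep the
  // promise that they never change state.
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) {
    return { allowed: true, reason: 'safe method' };
  }
  // Browsers add an Origin header to cross-site form posts; any value
  // other than our own site means the form came from elsewhere.
  const origin = req.headers['origin'];
  if (origin !== undefined && origin !== SITE_ORIGIN) {
    return { allowed: false, reason: `origin mismatch: ${origin}` };
  }
  // The forging site cannot read our pages, so it cannot learn this
  // token; the automatically attached cookie alone is not enough.
  const submitted = req.body && req.body.csrf_token;
  if (!session || !session.csrfToken || !constantTimeEqual(submitted, session.csrfToken)) {
    return { allowed: false, reason: 'missing or invalid CSRF token' };
  }
  return { allowed: true, reason: 'token matches session' };
}

// Cookie attributes that stop the browser sending the session cookie on
// most requests initiated by another site.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; Secure; HttpOnly; SameSite=Lax; Path=/`;
}

// Constructed sample: one legitimate form post and one forged from another site.
const session = { csrfToken: 'tok-7f3a9c0b-constructed' };
const legitRequest = {
  method: 'POST',
  headers: { origin: SITE_ORIGIN, cookie: 'session=abc' },
  body: { to: 'alice', amount: 10, csrf_token: 'tok-7f3a9c0b-constructed' },
};
const forgedRequest = {
  method: 'POST',
  headers: { origin: 'https://evil.example', cookie: 'session=abc' },
  body: { to: 'mallory', amount: 1000 }, // cookie rides along, token absent
};

console.log(checkCsrf(legitRequest, session));  // allowed: true
console.log(checkCsrf(forgedRequest, session)); // allowed: false, origin mismatch
console.log(sessionCookieHeader('abc'));
```

The Origin check and the token check are independent layers: the token alone is sufficient in principle, while the Origin header catches forged posts early and also covers clients that never rendered the form. `SameSite=Lax` reduces exposure further but is a browser-side default rather than a replacement for the server-side check.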
